Methods and systems for selectively processing VLAN traffic from different networks while allowing flexible VLAN identifier assignment are disclosed. According to one aspect, a layer 2 switch includes a virtual switch identifier data structure that associates a VLAN identifier extracted from a layer 2 frame and a port identifier corresponding to a port on which a frame is received with a virtual switch identifier. The virtual switch identifier is used to select a per-virtual-switch data structure, such as a forwarding table. The per-virtual-switch data structure is used to control processing of the layer 2 frame on a per-virtual-switch basis. The per-virtual-switch data structure may also be updated separately from the data structures assigned to other virtual switches.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A method for selectively processing virtual local area network (VLAN) traffic from different networks while allowing flexible VLAN identifier assignment, the method comprising: (a) receiving, from a first network, a first layer 2 frame at a first port in a layer 2 switch, the first layer 2 frame having a first VLAN identifier; (b) associating a first port identifier corresponding to the first port with the first layer 2 frame; (c) determining a first virtual switch based on the combination of the first port identifier and the first VLAN identifier, wherein the first virtual switch is associated with a first message processing data structure; (d) selectively processing the first layer 2 frame using the first message processing data structure associated with the first virtual switch without modifying the first VLAN identifier; (e) receiving, from a second network, a second layer 2 frame at a second port in the layer 2 switch, the second layer 2 frame having the first VLAN identifier; (f) associating a second port identifier corresponding to the second port with the second layer 2 frame; (g) determining a second virtual switch based on the combination of the second port identifier and the first VLAN identifier, wherein the second virtual switch is associated with a second message processing data structure being separate from the first message processing data structure; and (h) selectively processing the second layer 2 frame using the second message processing data structure associated with the second virtual switch without modifying the first VLAN identifier, wherein selectively processing the second layer 2 frame includes processing the second layer 2 frame differently from the first layer 2 frame.
2. The method of claim 1 wherein selectively processing the first and second layer 2 frames includes preventing the first layer 2 frame from being forwarded to the second network and preventing the second layer 2 frame from being forwarded to the first network.
3. The method of claim 2 wherein preventing the first layer 2 frame from being forwarded to the second network and preventing the second layer 2 frame from being forwarded to the first network includes maintaining separate forwarding databases for the first and second virtual switches.
4. The method of claim 1 wherein associating first and second port identifiers with the first and second layer 2 frames includes adding the first and second port identifiers to the first and second layer 2 frames upon entry into the layer 2 switch.
5. The method of claim 1 wherein the layer 2 switch includes a plurality of ports and wherein the method further comprises assigning all VLANs on at least one of the ports to the same virtual switch.
6. A method for selectively processing virtual local area network (VLAN) traffic from different networks while allowing flexible VLAN identifier assignment, the method comprising: (a) receiving, from a first network, a first layer 2 frame at a first port in a layer 2 switch, the first layer 2 frame having a first VLAN identifier; (b) associating a first port identifier corresponding to the first port with the first layer 2 frame; (c) assigning the first layer 2 frame to a first virtual switch based on the first port identifier and the first VLAN identifier, wherein assigning the first layer 2 frame to the first virtual switch includes determining whether all VLANs on the first port are associated with the same virtual switch, wherein the first virtual switch is associated with a first message processing data structure; (d) selectively processing the first layer 2 frame using the first message processing data structure associated with the first virtual switch without modifying the first VLAN identifier; (e) receiving, from a second network, a second layer 2 frame at a second port in the layer 2 switch, the second layer 2 frame having the first VLAN identifier; (f) associating a second port identifier corresponding to the second port with the second layer 2 frame; (g) assigning the second layer 2 frame to a second virtual switch based on the second port identifier and the first VLAN identifier, wherein the second virtual switch is associated with a second message processing data structure being separate from the first message processing data structure; (h) selectively processing the second layer 2 frame using the second message processing data structure associated with the second virtual switch without modifying the first VLAN identifier, wherein selectively processing the second layer 2 frame includes processing the second layer 2 frame differently from the first layer 2 frame; and (i) wherein the layer 2 switch includes a plurality of ports and wherein the method further comprises assigning all VLANs on at least one of the ports to the same virtual switch.
7. The method of claim 6 wherein determining a first virtual switch includes, in response to determining that all VLANs on the first port are not associated with the same virtual switch, identifying the first virtual switch using the first port using the first VLAN identifier.
8. The method of claim 1 wherein the layer 2 switch includes a plurality of ports and wherein the method further comprises grouping the ports into port sets.
9. The method of claim 8 wherein determining a first virtual switch includes determining a port set identifier corresponding to the first port identifier and identifying the first virtual switch using the port set identifier and the first VLAN identifier.
10. The method of claim 1 wherein the layer 2 switch includes a plurality of ports and wherein the method further comprises assigning all VLANs associated with some of the ports with the same virtual switch and grouping the ports into port sets.
11. A method for selectively processing virtual local area network (VLAN) traffic from different networks while allowing flexible VLAN identifier assignment, the method comprising: (a) receiving, from a first network, a first layer 2 frame at a first port in a layer 2 switch, the first layer 2 frame having a first VLAN identifier; (b) associating a first port identifier corresponding to the first port with the first layer 2 frame; (c) assigning the first layer 2 frame to a first virtual switch based on the first port identifier and the first VLAN identifier, wherein the layer 2 switch includes a plurality of ports, wherein the first virtual switch is associated with a first message processing data structure, wherein the method further comprises assigning all VLANs associated with some of the ports with the same virtual switch and grouping the ports into port sets and wherein assigning the first layer 2 frame to the first virtual switch includes: (ii) determining whether all VLANs on the first port are assigned to the same virtual switch; (iii) in response to determining that all VLANs on the first port are not assigned to the same virtual switch, determining a port set identifier corresponding to the first port identifier; and (iv) identifying the first virtual switch using the port set identifier and the first VLAN identifier; (d) selectively processing the first layer 2 frame using the first message processing data structure associated with the first virtual switch without modifying the first VLAN identifier; (e) receiving, from a second network, a second layer 2 frame at a second port in the layer 2 switch, the second layer 2 frame having the first VLAN identifier; (f) associating a second port identifier corresponding to the second port with the second layer 2 frame; (g) assigning the second layer 2 frame to a second virtual switch based on the second port identifier and the first VLAN identifier, wherein the second virtual switch is associated with a second message processing data structure being separate from the first message processing data structure; and (h) selectively processing the second layer 2 frame using the second message processing data structure associated with the second virtual switch without modifying the second first VLAN identifier, wherein selectively processing the second layer 2 frame includes processing the second layer 2 frame differently from the first layer 2 frame.
12. The method of claim 1 wherein the first and second networks are associated with different end users.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
December 22, 2003
April 6, 2010
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.